Wordfence and WP Staging

  • Hi there,

    I was wondering what the best setup of Wordfence would be in conjunction with WP Staging Pro.

    I use WP Staging Pro to create staging and development copies in subfolder, like domain.tld/staging/ and domain.tld/dev/.

    Should I install Wordfence on each of these installs or online on the main install and then use ‘Scan files outside your WordPress installation’ in the scan options?

    When setting up the ‘Optimize Wordfence Firewall’ I saw this warning: ‘If you have separate WordPress installations with Wordfence installed within a subdirectory of this site, it is recommended that you perform the Firewall installation procedure on those sites before this one.’ so that got me wondering what the best setup would be.

    The staging websites are behind a password protected login by the way…

    Hope you can give me some advice.

    Kind regards,
    Menno

Viewing 5 replies - 1 through 5 (of 5 total)

  • Hey @fixer1,

    We do suggest setting up the Firewall protection with subsites first, then working your way up through the file structure. However, if it’s password-protected you aren’t going to be able to make use of the Scanner unless you make an exception for our IPs. The range needing the exception will be 69.46.36.0/27.

    Please let me know if this helps.

    Thanks,

    Gerroald

    Thread Starter fixer1

    (@fixer1)

    Hi Gerroald,

    thanks for that quick response.

    We are sometimes adding and removing staging / development subsites, so I’m looking for the best way to make working with Wordfence workable/maintainable.

    So what would I do then, if a staging website is removed and another one is created? As Wordfence would already be active on the live website, how would I best go about this then? Deactivate the firewall on the live site, switch it on on the staging site and reactivated it on live?

    Wouldn’t it be better then, to activate ‘Scan files outside your WordPress installation’ on the live site to scan staging subsites and then deactivate the plugin on those staging sites, or would that be a bad idea (security wise). Taking into consideration the staging websites are password protected.

    Hey @fixer1,

    As long as the server is beefy enough to complete the scan I believe Scan files outside your WordPress installation would be just fine, and less labor-intensive. However, you’ll lose the ability to set up other features not related to the scan. This is a personal preference, seeing the site is password-protected it may not be a concern of yours. If you do choose to leave Wordfence installed on the subsites you can create an export of your settings to import and save a little time.

    https://www.wordfence.com/help/tools/import-export/

    Please let me know if this helps.

    Thanks,

    Gerroald

    Thread Starter fixer1

    (@fixer1)

    Hi @wfgerald,

    thanks for the explanation.

    The only thing I don’t quite grasp yet is why the firewall should be set up on subsites first and at the same time I could do a settings import when installing a new subsite.

    Isn’t that the same as setting up the firewall on the main site and then later, after adding subsites, importing settings on the subsites (or maybe selecting a template for the subsites through Wordfence Central)?

    Just trying to understand it fully before I standardise our procedure for this.

    Thanks for all the help!
    Menno

    Thread Starter fixer1

    (@fixer1)

    Hi @wfgerald ,

    if you have a minute to help out, would be greatly appreciated!

    Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Wordfence and WP Staging’ is closed to new replies.

Tags